“Banks Heap Suits on Target Over Breach,” read a recent headline of a Wall Street Journal story. By that time, seven financial institutions had already filed class action suits against the retailing giant, alleging it did not sufficiently protect its customer’s data. They have a case, as a review of how the breach occurred shows that hackers accessed customer information despite the fact that the credit card security codes and debit PINs were encrypted.
Numerous other retailers have also suffered cyberattacks, but at 40 million accounts the magnitude of the Target bombshell heralds a call-to-arms for all retailers and any other businesses that allow consumers access to their accounts via the Internet. This includes diverse industries such as healthcare, education, hospitality, government, travel and the very institutions behind the recent lawsuits, banking and financial.
The Risk Based Security and Open Security Foundation reported a record number of 2,644 breaches in 2012 where 70% was due to external hacking. A total of 267 million records were exposed and according to Javelin Research the dollar amount stolen was $21 billion, a three-year high.
Conducting “business as usual” will no longer suffice. To reassure and retain now-skittish consumers, any entity that engages in e-commerce must employ greater lock-down methods. ID authentication now requires protection that goes beyond ordinary PIN and passwords.
Some early-adopting businesses and institutions have already pegged biometric-signature authentication as a more secure approach to providing greater accuracy in customer verification. Given the advantages that the latest systems require absolutely no additional hardware, entail no extra expense by users, reside “in the cloud” outside of the company‘s business system and allow for the monitoring of fraudulent activity, this subset of biometric verification is emerging as a strong new strategy of defense.
“We have utilized signature biometrics for nearly three years with over 10,000 student users, and it has exceeded our expectations,” says Dr. Mark Sarver, CEO of eduKan—a consortium of community colleges offering online courses and degrees. “It provides an identity-proofing means that is transparent to our students while respecting their privacy, is available anytime, and stays cost-effective for the institution.